CVE-2023-6259
EUVD-2023-5850419.02.2024, 22:15
Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before 6.2.4.3.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| brivo | acs100_firmware | 5.2.4 ≤ 𝑥 < 6.2.4.3 |
| brivo | acs300_firmware | 5.2.4 ≤ 𝑥 < 6.2.4.3 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| brivo | acs100_firmware | 5.2.4 ≤ 𝑥 < 6.2.4.3 | ADP |
| brivo | acs300_firmware | 5.2.4 ≤ 𝑥 < 6.2.4.3 | ADP |
Common Weakness Enumeration
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.